Hafiz and Fang win best paper award at international symposium

Munawar Hafiz, assistant professor in Auburn University’s Department of Computer Science and Software Engineering, and Ming Fang, graduate student in the same department, received the Best Paper Award at the 8th International Symposium on Empirical Software Engineering and Measurement (ESEM) conference.

Their paper, “Discovering Buffer Overflow Vulnerabilities in the Wild: An Empirical Study,” uncovered valuable information about what happens during the detection, analysis and reporting of buffer overflow vulnerabilities.

A buffer overflow occurs when a program or process tries to store more data in a buffer – or a temporary data storage area – than it was intended to hold. The researchers performed a study on experts who reported buffer overflow vulnerabilities that were featured on a popular reporting site during a full calendar year. Hafiz and Fang focused on the approach taken by the developers to explore buffer overflows in software, the tools they use, and the method they follow to report vulnerabilities.

Their findings determined that despite the diversity of the reporters, there is a common method reporters follow to detect buffer overflow vulnerabilities. The results are valuable for beginners exploring how to detect and report buffer overflows and for tool vendors and researchers discovering how to automate and correct the process.

Hafiz presented the paper at the conference held Sept. 18-19 in Torino, Italy. He also took home the Best Presentation award at ESEM, voted by popular choice.

ESEM is the premier conference on empirical software engineering. The conference encourages the exchange of ideas that help explore, understand and model phenomena in software engineering.